Cisco Duo Reports Hack at Telephony Supplier Exposed MFA SMS Logs

Penka Hristovska Senior Editor
Published on: April 16, 2024

The security team at Cisco Duo on Monday reported a cyberattack on its telephony provider. According to the Cisco Data Privacy and Incident Response Team, hackers stole VoIP and SMS logs used for multi-factor authentication (MFA) messages from some customers.

The company announced the attack in a customer notice, stating that the breach exposed phone numbers, phone carriers, metadata, and other logs.

The notice details how a threat actor acquired employee credentials via a phishing attack, then used those credentials to access the telephony provider’s systems. The intruder subsequently downloaded SMS and VoIP MFA message logs linked to specific Duo accounts.

“More specifically, the threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024, and March 31, 2024. The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g., date and time of the message, type of message, etc.),” the notice reads.

Cisco said the hacked telephony provider reported that the threat actor did not download or access the content of any messages, nor did they use their access to send messages to any of the numbers in the message logs.

Cisco added that customers with affected Duo accounts can request copies of the stolen message logs. It also warned users about potential attacks that may stem from the hack.

“Because the threat actor obtained access to the message logs through a successful social engineering attack on the Provider, please contact your customers with affected users whose phone numbers were contained in the message logs to notify them, without undue delay, of this event and to advise them to be vigilant and report any suspected social engineering attacks to the relevant incident response team or other designated point of contact for such matters,” Cisco said.

Cisco is yet to reveal the name of the affected telephony supplier or the number of customers impacted by this incident.

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.
